The goal of this paper is two-fold. We first focus on the problem of deciding whether two monomial rotation symmetric (MRS) Boolean functions are affine equivalent via a permutation. Using a correspondence between such functions and circulant matrices, we give a simple necessary and sufficient condition. We connect this problem with the well known Adam's conjecture from graph theory. As applications, we reprove easily several main results of Cusick et al. on the number of equivalence classes under permutations for MRS in prime power dimensions, as well as give a count for the number of classes in pq number of variables, where p, q are prime numbers with p < q < p^. Also, we find a connection between the generalized inverse of a circulant matrix and the invertibility of its generating polynomial over F2, modulo a product of cyclotomic polynomials, thus generalizing a known result on nonsingular circulant matrices.

1. Introduction

The class of rotation symmetric Boolean functions (RSBFs) has received some attention from a combinatorial and cryptographic perspective. The initial study on the nonlinearity of these functions (called idempotents there) was done by Filiol and Fontaine [19]. Later on, the nonlinearity and correlation immunity of such functions were studied in detail in [9,23,31,30,37,38]. Applications of such functions in hashing have also been investigated by Pieprzyk and Qu [35]. We also mention several papers [15-17,19,36] dealing with some other properties of RSBFs, as well as their involvement in S-boxes. These functions are interesting to look into, since their space is much smaller ($\approx 2^{2^n/n}$) than the total space of Boolean functions ($2^{2^n}$) and the set contains functions with good cryptographic properties. It has been experimentally demonstrated that there are functions in this class which are good in terms of balancedness, nonlinearity, correlation immunity, algebraic degree and algebraic immunity (resistance against algebraic attack) [16].

It is interesting to note that the famous Patterson-Wiedemann functions [33] that achieve nonlinearity 16,276 (strictly greater than the nonlinearity $2^{n-1} - 2^{(n-1)/2}$ obtained by bent functions concatenation) in 15 variables are in fact rotation symmetric. Moreover, Kavut et al. [25-27] proved that there exist rotation symmetric functions in 9 variables having nonlinearity 241 and 242 (which is also strictly greater than the bent concatenation nonlinearity $2^{9-1} - 2^{(9-1)/2}$), which was rather surprising and gives further motivation for the investigation of rotation symmetric Boolean functions.

Recently, there has been a sustained effort to investigate the affine equivalence of some classes of Boolean functions, in particular the rotation symmetric Boolean functions (RSBF). In spite of their simplicity, the problem proves to be quite challenging. We mention here the papers [3,7,10-13] (and the references therein), which deal with low degrees (two to four) of monomial RSBFs, or some particular cases of the dimension where the functions are defined. Here, we propose a more elegant (we believe) approach for equivalence, which works for any degree, and apply it to count some cubic equivalence classes.

Here is an outline of this work. Section 2 gives basic definitions, including monomial rotation symmetric (MRS) Boolean functions and affine equivalence, and a known result for such quadratic functions. Section 3 discusses computational complexity of determining affine equivalence. Section 4 gives several useful facts about circulant matrices. In Section 5, we define S-equivalence (affine-equivalent by permutation matrix) and show in detail the connection between MRS functions and circulant matrices, resulting in our Theorem 5.2 that S-equivalence of the functions is the same as P-Q equivalence of the matrices. In Section 6 we use this connection, along with a powerful result of Wiedemann and Zieve [40], to give new proofs for counting the number of equivalence classes for cubic MRS functions, in three cases: degree $n = p$ prime (our Theorem 6.3), $n = p^k$ prime power (Theorem 6.5), and $n = pq$ product of two primes (Theorem 6.6). In Section 7, we explore how a circulant matrix inverse, pseudoinverse, or generalized inverse might relate to function equivalence. First, Theorem 7.3 generalizes a previous result, to give a condition on the factors of the generating polynomial that guarantees the circulant matrix has a circulant reflexive generalized inverse. Then Theorem 7.8 gives a necessary condition on weights when functions are S-equivalent with invertible circulant matrices. Also, Theorem 7.12 gives some facts about the case when the matrix has a pseudoinverse.

2.  Preliminaries 

A Boolean function $f$ on $n$ variables may be viewed as a mapping from $\mathbb{F}_2^n = \{0,1\}^n$ into the two-element field $\mathbb{F}_2$; it can also be interpreted as the output column of its truth table $f$, that is, a binary string of length $2^n$, $f = [f(0,0,\ldots,0), f(1,0,\ldots,0), \ldots, f(1,1,\ldots,1)]$. The set of all Boolean functions is denoted by $\mathcal{B}_n$.

The addition operator over $\mathbb{F}_2$ is denoted by $+$. An $n$-variable Boolean function $f$ can be considered to be a multivariate polynomial over $\mathbb{F}_2$. This polynomial can be expressed as a sum of products representation of all distinct $k$th order products ($0 \le k \le n$) of the variables. More precisely, $f(x_1,\ldots,x_n)$ can be written as

$$a_0 + \sum_{1\le i\le n} a_i x_i + \sum_{1\le i<j\le n} a_{ij} x_i x_j + \cdots + a_{12\ldots n}\, x_1 x_2 \cdots x_n,$$

where the coefficients $a_0, a_{ij}, \ldots, a_{12\ldots n} \in \{0,1\}$. This representation of $f$ is called the algebraic normal form (ANF) of $f$. The number of variables in the highest order product term with nonzero coefficient is called the algebraic degree, or simply the degree of $f$ and denoted by $\deg(f)$. A Boolean function is said to be homogeneous if its ANF contains terms of the same degree only.

Functions of degree at most one are called affine functions. An affine function with constant term equal to zero is called a linear function. Let $x = (x_1,\ldots,x_n)$ and $\omega = (\omega_1,\ldots,\omega_n)$ both belong to $\mathbb{F}_2^n$ and $x\cdot\omega = x_1\omega_1 + \cdots + x_n\omega_n$. The Hamming distance between $x$ and $\omega$, denoted by $d(x,\omega)$, is the number of positions where $x$, $\omega$ differ. Also the (Hamming) weight, denoted by $wt(x)$, of a binary string $x$ is the number of ones in $x$. An $n$-variable function $f$ is said to be balanced if its output column in the truth table contains equal number of 0's and 1's (i.e., $wt(f) = 2^{n-1}$). The nonlinearity of an $n$-variable function $f$ is the minimum distance to the entire set of all affine functions, a distance known to be bounded from above by $2^{n-1} - 2^{n/2-1}$.

We define the (right) rotation operator $\rho_n$ on a vector $(x_1, x_2, \ldots, x_n) \in \mathbb{F}_2^n$ by $\rho_n(x_1, x_2, \ldots, x_n) = (x_n, x_1, x_2, \ldots, x_{n-1})$. Hence, $\rho_n^k$ acts as a $k$-cyclic rotation on an $n$-bit vector. A Boolean function $f$ is called rotation symmetric if for each input $(x_1,\ldots,x_n)$ in $\mathbb{F}_2^n$, $f(\rho_n^k(x_1,\ldots,x_n)) = f(x_1,\ldots,x_n)$, for $1 \le k \le n$. That is, the rotation symmetric Boolean functions are invariant under cyclic rotation of inputs. The inputs of a rotation symmetric Boolean function can be divided into partitions so that each partition consists of all cyclic shifts of one input. A partition is generated by $G_n(x_1, x_2, \ldots, x_n) = \{\rho_n^k(x_1, x_2, \ldots, x_n) \mid 1 \le k \le n\}$ and the number of sets in this partition is denoted by $g_n$. Thus the number of $n$-variable RSBFs is $2^{g_n}$. Let $\phi(k)$ be Euler's phi-function, then Stanica and Maitra [37] give $g_n = \frac{1}{n}\sum_{k \mid n} \phi(k)\, 2^{n/k}$. We refer to [37,31,30] for the formula on how to calculate the number of partitions with weight $w$, for arbitrary $n$ and $w$, as well as the number $h_n$ of full length $n$ classes (Ref. [28] corrects the count of [37] for $h_n$, when $n$ is not a prime power).

A rotation symmetric function $f(x_1,\ldots,x_n)$ can be (for short) written as

$$a_0 + a_1 x_1 + \sum a_{1j}\, x_1 x_j + \cdots + a_{12\ldots n}\, x_1 x_2 \cdots x_n,$$

where the coefficients $a_0, a_1, a_{1j}, \ldots, a_{12\ldots n} \in \{0,1\}$, and the existence of a representative term $x_1 x_{i_2} \cdots x_{i_l}$ implies the existence of all the terms from $G_n(x_1 x_{i_2} \cdots x_{i_l})$ in the ANF. This representation of $f$ (not unique, since one can choose any representative in $G_n(x_1 x_{i_2} \cdots x_{i_l})$) is called the short algebraic normal form (SANF) of $f$. If the SANF of $f$ contains only one term, we call such a function a monomial rotation symmetric (MRS) function. Certainly, the number of terms in the ANF of a monomial rotation symmetric function is a divisor of $n$ (see [37]). If that divisor is in fact $n$, we call the function a full-cycle MRS, otherwise a short-cycle MRS.

We say that two Boolean functions $f(x)$ and $g(x)$ in $\mathcal{B}_n$ are affine equivalent if $g(x) = f(xA + b)$, where $A \in GL_n(\mathbb{F}_2)$ ($n \times n$ nonsingular matrices over the finite field $\mathbb{F}_2$ with the usual operations) and $b$ is an $n$-vector over $\mathbb{F}_2$. We say $f(xA + b)$ is a nonsingular affine transformation of $f(x)$. It is easy to see that if $f$ and $g$ are affine equivalent, then they have the same weight and nonlinearity: $wt(f) = wt(g)$ and $N_f = N_g$ (these are examples of affine invariants).

The relevance of these two invariants can be inferred by recalling the well-known result (see [10], for example).

Theorem 2.1. Two quadratic functions $f$ and $g$ in $\mathcal{B}_n$ are affine equivalent if and only if $wt(f) = wt(g)$ and $N_f = N_g$.

Unfortunately,  the  result  (as  stated)  cannot  be  extended  to  higher  degrees.  In  addition  to  our  first  approach  for 
equivalence,  in  our  second  approach  (a  counterpart  to  the  previous  theorem)  we  obtain  another  criterion  based  on  weight 
for  degrees  >  2,  which  unfortunately,  will  turn  out  to  be  just  necessary,  but  not  sufficient.  In  spite  of  that,  it  can  be  used 
successfully  to  show  non-equivalence  in  many  cases. 


3.  Complexity  comments 

Besides  the  pure  mathematical  interest,  affine  equivalence  is  of  major  interest  in  cryptography.  Two  major  methods 
in  the  study  of  S-boxes  used  in  block  ciphers,  namely  differential  and  linear  cryptanalysis,  are  invariant  under  affine 
transformations.  It  is  not  only  convenient,  but  also  of  vital  importance  to  study  only  one  representative  of  the  affine 
equivalence  class  with  respect  to  these  attacks. 

Moreover,  even  from  an  implementation  point  of  view  there  may  be  other  representations  of  the  same  cipher,  with 
the  same  resistance  against  attacks,  but  using  affine  equivalent  S-boxes,  which  are  simpler  to  implement  (in  software  and 
hardware).  The  simpler  systems  of  low-degree  equations  obtained  as  a  result  of  understanding  the  affine  equivalence  classes 
of S-boxes may be useful in designing countermeasures against some attacks, like the side-channel attacks [5,8].

A direct affine equivalence verification requires a search over all elements of $GL_n(\mathbb{F}_2)$, and this has computational complexity $O(2^{n^2})$, which becomes quite difficult for n > 7. Certainly, there are (simple) algebraic properties of Boolean
functions,  which  are  invariant  under  affine  transformations,  like  the  algebraic  degree  and  the  frequency  distribution  of  the 
absolute  values  in  the  Walsh  or  autocorrelation  spectrum  (all  of  which  were  used  in  Fuller’s  Ph.D.  thesis  [20],  for  example), 
but  these  fail  to  completely  distinguish  affine  equivalence.  In  fact,  these  criteria  already  fail  for  n  =  6,  as  was  pointed  out 
in  [21].  Two  more  complicated  affine  invariants  were  introduced  in  [6],  but  they  also  fail  for  n  >  6. 

Some versions of these questions have been looked at, starting with Harrison's paper [22], and major advances have been made for small degrees $\le 4$, e.g. [7,10,11,14,12,13], but no major advances have been made for general high degree Boolean functions. Berlekamp and Welch [2] in 1972 found explicitly all equivalence classes for functions on 5 variables, and in 1991, Maiorana [29] looked at 6 variables and found 150,357 such equivalence classes (both of these results also allowed transformations of the output).

We  point  out  that  two  algorithms  for  checking  affine  equivalence  have  been  proposed  by  Biryukov  et  al.  [5]  with  time 
complexity  0(n^2^"),  so  they  will  work  efficiently  for  small,  say  n  <  32,  dimensions.  However,  these  algorithms  fail  to  attack 
the  general  problem. 


4.  Circulant  matrices  and  a  group  structure 

We will concentrate on matrices whose entries are in the two-element field $\mathbb{F}_2$. An $n \times n$ matrix $C$ is circulant, denoted by $C(c_1, c_2, \ldots, c_n)$, if all its rows are successive circular rotations of the first row, that is,

$$C = \begin{pmatrix} c_1 & c_2 & \cdots & c_n \\ c_n & c_1 & \cdots & c_{n-1} \\ \vdots & \vdots & \ddots & \vdots \\ c_2 & c_3 & \cdots & c_1 \end{pmatrix}.$$

It is interesting to note the following equivalent way of defining circulant matrices, whose proof is immediate: an $n \times n$ matrix $C = \{c_{i,j}\}$ is circulant if and only if $c_{i,j} = c_{u,v}$ whenever $j - i \equiv v - u \pmod n$. We further define the generating polynomial $F$ of a circulant matrix $C(c_1,\ldots,c_n)$ by

$$F(z) = c_1 + c_2 z + \cdots + c_n z^{n-1}.$$


It is well-known (see, for instance, [18]) that the set $\mathcal{C}_n$ of all $n \times n$ circulant matrices forms a commutative algebra. Moreover, every matrix in $\mathcal{C}_n$ is normal; recall that a normal (real) matrix $A$ is one which satisfies $A^T A = A A^T$, where $A^T$ is the transpose of the matrix (actually, circulant matrices commute with each other, in general, as shown below in Lemma 4.1). Much more is known about circulant matrices $C$: for instance, their determinant can be expressed in terms of $n$th roots of unity, say $\omega$, and $C$ can be diagonalized via the Fourier matrix whose $i$th row is $(1, \omega^{i}, \omega^{2i}, \ldots, \omega^{(n-1)i})$. The interested reader can consult the myriad of research papers on circulant (and Toeplitz) matrices (e.g., [18]). However, some results on circulant complex matrices do not carry over to circulant matrices over a finite field, which makes their use a bit more complicated in that environment.

Below we display a result that will prove to be quite useful. Let $G$ be the $n \times n$ binary circulant matrix $G = C(0, 1, 0, \ldots, 0)$. For any $A = C(a_1, a_2, \ldots, a_n) \in \mathcal{C}_n$ we have $A = \sum_{i=1}^{n} a_i G^{i-1} = \sum_{i \in \Delta(A)} G^{i-1}$, where $\Delta(A) = \{i \mid a_i = 1\} \subseteq \{1, 2, \ldots, n\}$, and so the powers $G^k$, $0 \le k \le n-1$, of $G$ form a basis for the commutative algebra $\mathcal{C}_n$.

The  next  well-known  lemma  shows  that  the  multiplication  of  circulant  matrices  is  commutative. 
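
Lemma 4.1. Let $A = C(a_1, a_2, \ldots, a_n)$ and $B = C(b_1, b_2, \ldots, b_n)$ be two elements of $\mathcal{C}_n$. Then,

$$AB = BA = C\Bigg(\sum_{\substack{i,j=1 \\ i+j \equiv 2 \pmod n}}^{n} a_i b_j,\ \sum_{\substack{i,j=1 \\ i+j \equiv 3 \pmod n}}^{n} a_i b_j,\ \ldots,\ \sum_{\substack{i,j=1 \\ i+j \equiv 1 \pmod n}}^{n} a_i b_j\Bigg)$$

$$\phantom{AB = BA} = C\Bigg(\sum_{\substack{i \in \Delta(A),\, j \in \Delta(B) \\ i+j \equiv 2 \pmod n}} a_i b_j,\ \sum_{\substack{i \in \Delta(A),\, j \in \Delta(B) \\ i+j \equiv 3 \pmod n}} a_i b_j,\ \ldots,\ \sum_{\substack{i \in \Delta(A),\, j \in \Delta(B) \\ i+j \equiv 1 \pmod n}} a_i b_j\Bigg).$$
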

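Corollary 4.2. Let $A = C(a_1, a_2, \ldots, a_n)$ be a circulant matrix over $\mathbb{F}_2$. Then

$$A^2 = C\Bigg(\sum_{\substack{i=1 \\ 2i \equiv 2 \pmod n}}^{n} a_i,\ \sum_{\substack{i=1 \\ 2i \equiv 3 \pmod n}}^{n} a_i,\ \ldots,\ \sum_{\substack{i=1 \\ 2i \equiv 1 \pmod n}}^{n} a_i\Bigg) = \begin{cases} C(a_1, a_{\lceil n/2 \rceil + 1}, a_2, a_{\lceil n/2 \rceil + 2}, \ldots) & \text{if } n \text{ is odd}, \\ C(a_1 + a_{n/2+1}, 0, a_2 + a_{n/2+2}, 0, \ldots) & \text{if } n \text{ is even}. \end{cases}$$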


An $n \times n$ permutation matrix is an $n \times n$ matrix obtained by applying a permutation $\sigma \in S_n$ (the symmetric group) to the rows (or, equivalently, columns) of the identity matrix $I_n$.

We define a relation on the set of $n \times n$ circulant matrices as follows. Let $A_1 = C(a_1, \ldots, a_n)$, $A_2 = C(b_1, \ldots, b_n)$. Then

$A_1 \sim A_2$ if and only if $(a_1, \ldots, a_n) = \rho_n^k(b_1, \ldots, b_n)$, for some $0 \le k \le n-1$.

It is immediate that the relation $\sim$ is an equivalence relation, which partitions $\mathcal{C}_n$ in equivalence classes, whose set will be denoted by $\mathcal{C}_n/\!\sim$. We will denote the equivalence class of $C(a_1, a_2, \ldots, a_n)$ by $\langle C(a_1, a_2, \ldots, a_n) \rangle$.

Lemma 4.3. For two arbitrary invertible circulant matrices $M_1, M_2$, we have $M_1 \sim M_2$ if and only if $M_1^{-1} \sim M_2^{-1}$.

Proof. Take $M_1 = C(a_1, a_2, \ldots, a_n)$, $M_2 = C(b_1, b_2, \ldots, b_n)$ and $M_1^{-1} = C(\alpha_1, \alpha_2, \ldots, \alpha_n)$ and $M_2^{-1} = C(\beta_1, \beta_2, \ldots, \beta_n)$. It is sufficient to show that $M_2^{-1} \in \langle C(\alpha_1, \alpha_2, \ldots, \alpha_n) \rangle$.

We know that $(b_1, b_2, \ldots, b_n) = \rho_n^k(a_1, a_2, \ldots, a_n)$ for some $k$. Thus, there is a circulant permutation matrix $P_k = C(\rho_n^k(1, 0, \ldots, 0)) = G^k$ such that $M_2 = M_1 P_k$ (where again $G$ generates the standard basis for $n \times n$ circulant matrices). Taking inverses and using Lemma 4.1 gives

$$M_2^{-1} = P_k^{-1} M_1^{-1} = M_1^{-1} P_k^{-1},$$

so $M_2^{-1} \sim M_1^{-1}$. Further, comparing first rows, where $P_k^{-1}$ rotates a row, we get $(\alpha_1, \ldots, \alpha_n) = \rho_n^k(\beta_1, \ldots, \beta_n)$, which shows the necessity of our claim. The sufficiency is immediate. □


Theorem 4.4. The set $(\mathcal{C}_n/\!\sim, \cdot)$ with the operation $\langle A \rangle \cdot \langle B \rangle := \langle AB \rangle$ is a commutative monoid. Moreover, the previous operation partitions the invertible circulant matrices $\mathcal{C}_n^*$ into equivalence classes, say $\mathcal{C}_n^*/\!\sim$, and consequently, $(\mathcal{C}_n^*/\!\sim, \cdot)$ becomes a group.

Proof. First, we show that the operation is well-defined. Let $A = C(a_1, \ldots, a_n) \sim A' = C(a'_1, \ldots, a'_n)$, $B = C(b_1, \ldots, b_n) \sim B' = C(b'_1, \ldots, b'_n)$. We need to show that $AB \sim A'B'$. Take $k, s$ such that $\rho_n^k(a_1, \ldots, a_n) = (a'_1, \ldots, a'_n)$ and $\rho_n^s(b_1, \ldots, b_n) = (b'_1, \ldots, b'_n)$. That is, $A' = AG^k$, $B' = BG^s$. By Lemma 4.1,

$$A'B' = AG^k BG^s = ABG^{k+s} = ABG^{(k+s) \bmod n},$$

so $A'B' \sim AB$ (by $\rho_n^{(k+s) \bmod n}$).

The associative property then follows from that of matrix multiplication. The identity element is $\langle C(1, 0, \ldots, 0) \rangle = \langle I_n \rangle$, the class of the identity matrix. The commutative property follows from the commutative property of the circulant matrices.

By Lemma 4.3, for nonsingular $M$ we can let $\langle M \rangle^{-1}$ (which is well-defined) be the equivalence class of all inverses of circulant matrices from $\langle M \rangle$. Clearly, $\langle M \rangle \cdot \langle M \rangle^{-1} = \langle M \rangle \cdot \langle M^{-1} \rangle = \langle I_n \rangle$, and the result is shown. □


5. S-equivalence of monomial rotation symmetric Boolean functions

The goal in this section is to investigate the affine equivalence of monomial rotation symmetric (MRS) functions $f, g$ under permutation of variables, which we call S-equivalence and denote by $f \sim g$. We will see that there is a strong connection between MRS functions and circulant matrices, which can help in determining the S-equivalence.


D. Canright et al. / Discrete Mathematics 338 (2015) 2197-2211




Example 5.1. Let $n = 7$, and the quartic MRS

$$f(x) = x_1x_2x_3x_4 + x_2x_3x_4x_5 + x_3x_4x_5x_6 + x_4x_5x_6x_7 + x_5x_6x_7x_1 + x_6x_7x_1x_2 + x_7x_1x_2x_3,$$
$$g(x) = x_1x_2x_4x_6 + x_2x_3x_5x_7 + x_3x_4x_6x_1 + x_4x_5x_7x_2 + x_5x_6x_1x_3 + x_6x_7x_2x_4 + x_7x_1x_3x_5.$$

Using the permutation $\pi = (2, 3, 5)(4, 7, 6)$ (product of disjoint cycles), one can check that $f \circ \pi = g$.

Let $f = x_1 x_{j_2} \cdots x_{j_d} + x_2 x_{j_2+1} \cdots x_{j_d+1} + \cdots + x_n x_{j_2-1} \cdots x_{j_d-1}$ be an MRS function of degree $d$, with the SANF $x_1 x_{j_2} \cdots x_{j_d}$. We associate to $f$ the following circulant matrix equivalence class

$$A_f = \langle C(1, 0, 1, 0, 1, 1, \ldots, 0) \rangle, \tag{1}$$

where the 1 bits (indicated above) appear in positions given by the indices in the SANF monomial of $f$. Of course, the SANF for $f$ is not unique, but the equivalence class $A_f$ is.

We extend the $\Delta$ notation for binary circulant matrices to a few other domains. For a binary (row) vector $(a_1, a_2, \ldots, a_n)$ of dimension $n$, let $\Delta(a_1, a_2, \ldots, a_n) = \{i \mid a_i = 1\}$, so for a bit vector $a$ the connection with the corresponding circulant matrix is clear: $\Delta(C(a)) = \Delta(a)$. Similarly, for a single monomial term $x_{i_1} x_{i_2} \cdots x_{i_d}$ of degree $d$ in $n$ variables, we define $\Delta(x_{i_1} x_{i_2} \cdots x_{i_d}) = \{i_j \mid j = 1, 2, \ldots, d\}$. We can also extend this to the MRS function with this SANF, $f = x_{i_1} x_{i_2} \cdots x_{i_d}$, as $\Delta(f) = \Delta(x_{i_1} x_{i_2} \cdots x_{i_d})$; this is not unique, but for this usage we prefer to simply consider all such sets equal under a cyclic rotation permutation of the indices, so we will not unnecessarily complicate the notation. That is, for $A_f$ as in (1), then $\Delta(f) = \{1, j_2, \ldots, j_d\} = \{2, j_2 + 1, \ldots, j_d + 1\} = \cdots$. Then any particular set $\Delta$ of indices (out of $n$) defines: a unique monomial $x_{i_1} x_{i_2} \cdots x_{i_d}$ in $n$ binary variables; a unique $n$-dimensional bit vector $a$; the corresponding unique circulant matrix $C(a)$; the corresponding unique matrix equivalence class $\langle C(a) \rangle$; and the corresponding unique MRS function $f = x_{i_1} x_{i_2} \cdots x_{i_d}$ (SANF) such that $A_f = \langle C(a) \rangle$.

The details of the correspondence between $f$ in $n$ variables and $A_f$ are as follows. The MRS $f$ of degree $d$ is the sum of $k$ distinct monomials, where $k$ divides $n$. Each monomial corresponds to a unique row vector (as above) where both have the same set of indices $\Delta$; the degree $d$ of the monomial is the weight of the vector and the size of the set. The equivalence class $A_f$ comprises $k$ distinct circulant matrices; their first rows correspond to the $k$ monomials. For each matrix in $A_f$, the first $k$ rows are distinct, and these rows repeat $r = n/k$ times. So each matrix has the same multi-set of rows as the others.

We now consider another type of equivalence between circulant matrices, which can be extended to the equivalence classes we have defined. For two circulant matrices $A, B$, if there are permutation matrices $P, Q$ such that $PA = BQ$, then $A$ and $B$ are called P-Q equivalent. It is known in that case that $AA^T$ and $BB^T$ are similar matrices (in fact, there exists a permutation matrix which conjugates one to the other) [40]. Moreover, it is rather straightforward to see that $AA^T = \sum_{i,j \in \Delta(A)} G^{i-j}$, where $A = C(a_1, \ldots, a_n)$. This actually points to the importance of the differences $i - j$, which played a role in Cusick's paper [10], dealing with $wt(\Delta(f)) = 3$, only.

Note that since any two representative matrices $A_1, A_2$ of an equivalence class $\langle A \rangle$ are related by a rotation of the row order, there is a circulant permutation matrix $R$ ($= G^k$ for some $k$) such that $A_1 = RA_2 = A_2R$. So the notion of P-Q equivalence extends naturally from circulant matrices to equivalence classes. That is, if $A_1 = R_A A_2$, $B_1 = B_2 R_B$, and $P_1 A_1 = B_1 Q_1$, then $P_2 A_2 = B_2 Q_2$ where $P_2 = P_1 R_A$ and $Q_2 = R_B Q_1$. In this sense, we can say that the classes $\langle A \rangle$, $\langle B \rangle$ are P-Q equivalent.

For functions $f, g$ where $A_f$ and $A_g$ are P-Q equivalent, it is customary to write $f \overset{P\text{-}Q}{\sim} g$.

The  next  result  is  not  hard  to  show,  but  it  provides  a  way  to  “move”  the  S-equivalence  problem  into  the  realm  of  matrix 
equivalences. 

Theorem 5.2. Two MRS Boolean functions $f, g$ in $n$ variables are S-equivalent if and only if their corresponding circulant matrix equivalence classes $A_f$ and $A_g$ are P-Q equivalent.

Proof. Let $A, B$ be representative circulant matrices of the classes $A_f$, $A_g$, respectively.

Assume $f, g$ are S-equivalent. Then there is a permutation matrix $Q$ that permutes the variables in the row vector $x$ such that $f(xQ) = g(x)$. Let $y = xQ$, so $f(y) = g(x)$. From (1) we know that the column positions of the 1s in a row of $B$ indicate which bit variables of $x$ appear in the corresponding monomial term of $g$. Applying the permutation $Q$ to each row thus permutes the column order to give $BQ$, in which the new column positions of the 1s in a row now indicate which bit variables of $y$ appear in the corresponding monomial term of $f$, by S-equivalence. Hence, each of the rows in $BQ$ appears in $A$. If $g$ is full-cycle, each row is distinct, and $f$ is full-cycle as well, and so we can reorder the rows with a permutation matrix $P$ to get $PA = BQ$. Or if $g$ has a short cycle of length $k$, then the first $k$ rows of $BQ$ repeat $r = n/k$ times, and $f$ has the same cycle length and number of repetitions of rows in $A$, that is, both $BQ$ and $A$ have the same multi-set of rows. So again we can permute the rows to get $PA = BQ$.

Now assume that there are permutation matrices $P, Q$ such that $PA = BQ$. Then the same reasoning applies in reverse: $A$ and $BQ$ have the same (multi-)set of rows, corresponding to the terms of $f$; each row in $BQ$ applies the same permutation $Q$ of bit variables to the corresponding terms of $g$. Thus $f(xQ) = g(x)$, that is, $f, g$ are S-equivalent. □

Example 5.3. Here we continue Example 5.1 of quartics for $n = 7$, with the same functions $f(x)$, $g(x)$ and permutation $\pi$ where $f \circ \pi = g$. Applying $\pi$ to the columns of an identity matrix gives a permutation matrix $Q$, that will permute the column order of a vector $x$ to that of $y = \pi(x) = xQ$; so $f(y) = g(x)$. Let $A, B$ be circulant matrices corresponding to $f, g$, as shown below. Then for rows in $BQ$, the column order of $x$ is permuted to that of $y$, matching rows of $A$, but not in circulant order. So there is a row permutation matrix $P$ such that $PA = BQ$, as shown below:

$$BQ = \begin{pmatrix} 1&1&0&1&0&1&0 \\ 0&1&1&0&1&0&1 \\ 1&0&1&1&0&1&0 \\ 0&1&0&1&1&0&1 \\ 1&0&1&0&1&1&0 \\ 0&1&0&1&0&1&1 \\ 1&0&1&0&1&0&1 \end{pmatrix} \begin{pmatrix} 1&0&0&0&0&0&0 \\ 0&0&0&0&1&0&0 \\ 0&1&0&0&0&0&0 \\ 0&0&0&0&0&1&0 \\ 0&0&1&0&0&0&0 \\ 0&0&0&0&0&0&1 \\ 0&0&0&1&0&0&0 \end{pmatrix} = \begin{pmatrix} 1&0&0&0&1&1&1 \\ 0&1&1&1&1&0&0 \\ 1&1&0&0&0&1&1 \\ 0&0&1&1&1&1&0 \\ 1&1&1&0&0&0&1 \\ 0&0&0&1&1&1&1 \\ 1&1&1&1&0&0&0 \end{pmatrix}$$

$$= PA = \begin{pmatrix} 0&0&0&0&1&0&0 \\ 0&1&0&0&0&0&0 \\ 0&0&0&0&0&1&0 \\ 0&0&1&0&0&0&0 \\ 0&0&0&0&0&0&1 \\ 0&0&0&1&0&0&0 \\ 1&0&0&0&0&0&0 \end{pmatrix} \begin{pmatrix} 1&1&1&1&0&0&0 \\ 0&1&1&1&1&0&0 \\ 0&0&1&1&1&1&0 \\ 0&0&0&1&1&1&1 \\ 1&0&0&0&1&1&1 \\ 1&1&0&0&0&1&1 \\ 1&1&1&0&0&0&1 \end{pmatrix}.$$


Note that certain symmetries may be applied to one equivalence class to get another equivalence class (or the same one again). One obvious symmetry preserved by rotation is reversal of a bit vector $x = (x_1, x_2, \ldots, x_{n-1}, x_n)$, that is, $x' = (x_n, x_{n-1}, \ldots, x_2, x_1)$. For example, for $n = 8$, if the cubic $f$ has $\Delta(f) = \{1, 2, 4\}$, then applying reversal to everything in the equivalence class of $f$ gives the equivalence class of $g$ where $\Delta(g) = \{5, 7, 8\}$. Of course this is the same equivalence class, since bit reversal is an affine transformation. Another symmetry, which is not an affine transformation, is bitwise complementation. If we complement everything in the equivalence class of $f$, we get the equivalence class of the quintic $h$ where $\Delta(h) = \{3, 5, 6, 7, 8\}$. In terms of matrices, if we let $\mathbf{1}$ represent the matrix of all 1's, then if $PA = BQ$ then $P(A + \mathbf{1}) = PA + \mathbf{1} = BQ + \mathbf{1} = (B + \mathbf{1})Q$. So results on low-degree MRS polynomials apply to corresponding high-degree ones.
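
Example 5.3 and the criterion of Theorem 5.2 can be checked mechanically. The Python below is an added illustration, not code from the paper; all function names are assumptions of this example. It rebuilds $A$, $B$, $Q$ from the supports and from $\pi$, recovers $P$, and also goes beyond the example by searching all $n!$ column permutations for a pair $(P, Q)$ with $PA = BQ$ (practical only for small $n$).

```python
from itertools import permutations

def circulant(n, support):
    """Binary circulant whose first row has 1s at the 1-based positions in
    `support`; each later row is the previous one rotated right by one."""
    first = [1 if c + 1 in support else 0 for c in range(n)]
    return [first[n - r:] + first[:n - r] for r in range(n)]

def perm_from_cycles(n, cycles):
    """Permutation of 1..n as a dict, from disjoint cycles such as (2, 3, 5)."""
    pi = {i: i for i in range(1, n + 1)}
    for cyc in cycles:
        for a, b in zip(cyc, cyc[1:] + cyc[:1]):
            pi[a] = b
    return pi

def column_perm_matrix(n, pi):
    """Q whose column j is column pi(j) of the identity, so (xQ)_j = x_{pi(j)}."""
    return [[1 if pi[j + 1] == i + 1 else 0 for j in range(n)] for i in range(n)]

def matmul(X, Y):
    n = len(X)
    return [[sum(X[i][k] * Y[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]

def row_perm_matrix(target, A):
    """P with P A == target, or None if the rows of `target` are not a
    rearrangement (as a multiset) of the rows of A. Repeated rows, which
    occur for short-cycle MRS functions, are matched one by one."""
    n = len(A)
    unused = list(range(n))
    P = [[0] * n for _ in range(n)]
    for r, row in enumerate(target):
        s = next((s for s in unused if A[s] == row), None)
        if s is None:
            return None
        unused.remove(s)
        P[r][s] = 1
    return P

def find_pq(n, supp_f, supp_g):
    """Brute-force test of the Theorem 5.2 criterion: return (P, Q) with
    P A = B Q for the circulants of the two supports, or None."""
    A, B = circulant(n, supp_f), circulant(n, supp_g)
    rows_a = sorted(A)
    for image in permutations(range(1, n + 1)):
        pi = dict(zip(range(1, n + 1), image))
        BQ = [[row[pi[j + 1] - 1] for j in range(n)] for row in B]
        if sorted(BQ) == rows_a:
            return row_perm_matrix(BQ, A), column_perm_matrix(n, pi)
    return None

# Data of Examples 5.1 and 5.3: n = 7, supports of the SANF monomials of f and g.
N = 7
SUPP_F = {1, 2, 3, 4}
SUPP_G = {1, 2, 4, 6}
PI = perm_from_cycles(N, [(2, 3, 5), (4, 7, 6)])

def example_5_3():
    """Return (P, Q, BQ, A) for the permutation pi of Example 5.1."""
    A, B = circulant(N, SUPP_F), circulant(N, SUPP_G)
    Q = column_perm_matrix(N, PI)
    BQ = matmul(B, Q)
    return row_perm_matrix(BQ, A), Q, BQ, A

if __name__ == "__main__":
    P, Q, BQ, A = example_5_3()
    print("PA == BQ:", matmul(P, A) == BQ)
    print("cubics {1,2,3} and {1,2,4}, n = 7:", find_pq(7, {1, 2, 3}, {1, 2, 4}))
```
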

6.  Counting  cubic  equivalence  classes 

We now give an application of our Theorem 5.2 that shows easily several theorems of Cusick [10, Theorem 4.2] and of Cusick and Brown [11]. We also show a result on dimension which is not a prime, nor a power of a prime (we learned meanwhile that this result is the subject of the new paper [14]).

Since it is going to be used throughout, we state the following theorem from Wiedemann and Zieve [40, Theorem 1.1] connecting the well-known Adam conjecture from graph theory with our problem at hand.

Theorem 6.1. Let $A, B$ be two $n \times n$ 0/1-circulants of weight at most 3 with first rows support indices $\Delta(A)$, respectively, $\Delta(B)$. Then the following are equivalent:

1. There exist $u, v \in \mathbb{Z}_n$ such that $\gcd(u, n) = 1$ and $\Delta(A) = u\Delta(B) + v$.

2. $A, B$ are P-Q equivalent.

3. There is an $n \times n$ permutation matrix $P$ such that $AA^T = PBB^TP^{-1}$.

4. The complex matrices $AA^T$, $BB^T$ are similar, that is, $AA^T = S^{-1}(BB^T)S$, for some invertible $n \times n$ matrix $S$.

Since these problems are inherently tedious, we display below our action plan for counting the equivalence classes.

Action Plan. Regardless of the degree (although here we deal with cubic MRS only), we single out a simple type (or a few types) of tuples that each equivalence class has as representatives (indices). Then, we count the number of inequivalent tuples of such type(s).

We start with a simple lemma. Cusick [10, Lemma 4.3] assumes that $n$ is prime, so our lemma is more general. If there exist $u, v \in \mathbb{Z}_n$ with $\gcd(u, n) = 1$ such that $u\Delta(f) + v = \Delta(g)$, we use the notation $\Delta(f) \sim \Delta(g)$. Throughout this paper we use the "capital mod" notation $a$ Mod $n$ to mean the unique integer $b \in \{1, 2, \ldots, n\}$ such that $b \equiv a \bmod n$. We also use the notation $p^s \,\|\, k$ to mean $p^s \mid k$ and $p^{s+1} \nmid k$, that is, $s$ is the $p$-adic valuation of $k$.

Lemma 6.2. The S-equivalence class of any cubic MRS $h$ with $\Delta(h) = \{1, i, j\}$ where either $\gcd(i-1, n) = 1$, or $\gcd(j-1, n) = 1$, or $\gcd(i-j, n) = 1$, contains a function $g$ with $\Delta(g) = \{1, 2, m\}$. If $n = p^k$, $k > 2$, where $p$ is a prime and $\gcd(i-1, n) \neq 1$, $\gcd(j-1, n) \neq 1$, then the class of $h$ will not contain any MRS function $g$ with $\Delta(g) = \{1, 2, \ell\}$, but it will contain an MRS $g$ with $\Delta(g) = \{1, p^s + 1, m\}$, where $p^s \,\|\, \gcd(i-1, j-1)$, $1 < s < k-1$, and $p^s \mid (m-1)$.

Proof. We first assume that at least one of $\gcd(i-1, n) = 1$, or $\gcd(j-1, n) = 1$, or $\gcd(i-j, n) = 1$ holds. By Theorem 5.2 and [40, Theorem 1.1] it will be sufficient to show that for every MRS $h$ with $\Delta(h) = \{1, i, j\}$, there exist $u, v$ such that $u\Delta(h) + v = \{1, 2, m\}$, for some $m$. That is easily seen: if $\gcd(i-1, n) = 1$ take $u = (i-1)^{-1}$ Mod $n$, $v = 1 - u$ Mod $n$, $m = 1 + (j-1)u$ Mod $n$; or if $\gcd(j-1, n) = 1$ take $u = (j-1)^{-1}$ Mod $n$, $v = 1 - u$ Mod $n$, $m = 1 + (i-1)u$ Mod $n$; or if $\gcd(i-j, n) = 1$ take $u = (i-j)^{-1}$ Mod $n$, $v = 1 - ju$ Mod $n$, $m = 1 + (1-j)u$ Mod $n$.

Next assume that $1 < s$ and $p^s \,\|\, \gcd(i-1, j-1)$ (and consequently, $p^s \mid (j-i)$). Without loss of generality, we assume that $p^s \,\|\, i-1$, and so $i - 1 = p^s t$ for some $t \not\equiv 0 \pmod p$ (the other cases are similar). By taking $u = t^{-1}$ Mod $p$, $v = 1 - u$, $m = 1 + (j-1)u$, we see that $\{1, i, j\} \sim \{1, p^s + 1, m\}$ (and certainly $p^s \mid m - 1 = (j-1)u$, since $p^s \mid j-1$). □

For the following theorem, due to Cusick [10, Theorem 4.2], we can use Lemma 6.2 to give a simpler proof.

Theorem 6.3. Suppose $p > 5$ is a prime. Then the number of S-equivalence classes of cubic MRS in $p$ variables is


Proof. We take $k = \lfloor p/6 \rfloor$, so $p = 6k + 1$, or $p = 6k + 5$. Also, a simple computer program reveals that the formula is correct for $p = 3, 5, 7$, so we will assume in what follows that $p > 11$. By our Theorem 5.2, two cubic MRS in $n$ variables are equivalent if and only if the corresponding circulant matrices are P-Q equivalent. By Theorem 6.1 that happens if and only if there exist $u, v \in \mathbb{Z}_n$ with $\gcd(u, n) = 1$ such that $u\Delta(f) + v = \Delta(g)$ (recall the notation $\Delta(f) \sim \Delta(g)$). In this proof, in order not to introduce a new notation, we will use $\Delta(\cdot)$ for a representation of that support class.

Using Lemma 6.2, it will be sufficient to count the number of MRS $f$ with $\Delta(f) = \{1, 2, m\}$, $m > 3$, that are not equivalent. We will look at the number of possible MRS $g$ with $\Delta(g) = \{1, 2, \ell\}$ contained in the class of some MRS $f$ with $\Delta(f) = \{1, 2, m\}$. Since there are $p - 2$ choices for $m$, the result will follow by simple summation.

For $u, v \in \mathbb{Z}_p$, $u \neq 0$, if $u\Delta(f) + v = u\{1, 2, m\} + v = \Delta(g) = \{1, 2, \ell\}$, then we have several possibilities. As before, we adopt the convention that all expressions are Mod $p$.

Case 1. $u + v = 1$, $2u + v = 2$, $mu + v = \ell$. We obtain the solutions $(u, v, \ell) = (1, 0, m)$.

Case 2. $u + v = 1$, $2u + v = \ell$, $mu + v = 2$. We obtain the solutions $(u, v, \ell) = ((m-1)^{-1},\ 1 - (m-1)^{-1},\ 1 + (m-1)^{-1})$.

Case 3. $2u + v = 1$, $u + v = 2$, $mu + v = \ell$. We obtain the solutions $(u, v, \ell) = (p - 1,\ 3,\ 3 - m)$.

Case 4. $2u + v = 1$, $u + v = \ell$, $mu + v = 2$. We obtain the solutions $(u, v, \ell) = ((m-2)^{-1},\ 1 - 2(m-2)^{-1},\ 1 - (m-2)^{-1})$.

Case 5. $mu + v = 1$, $u + v = 2$, $2u + v = \ell$. We obtain the solutions $(u, v, \ell) = (-(m-1)^{-1},\ 2 + (m-1)^{-1},\ 2 - (m-1)^{-1})$.

Case 6. $mu + v = 1$, $u + v = \ell$, $2u + v = 2$. We obtain the solutions $(u, v, \ell) = (-(m-2)^{-1},\ 2 + 2(m-2)^{-1},\ 2 + (m-2)^{-1})$.

Potentially, for every $3 < m < p$, there are 5 other possible MRS $g$ with $\Delta(g) = \{1, 2, \ell\}$ in the same class as $f$ with $\Delta(f) = \{1, 2, m\}$. However, not all of those values are different. So, let us look at the putative $\ell$'s in the set (all expressions are Mod $p$):

$$\{m,\ 1 + (m-1)^{-1},\ 3 - m,\ 1 - (m-2)^{-1},\ 2 - (m-1)^{-1},\ 2 + (m-2)^{-1}\}. \qquad (2)$$

If $m = 3$, then we easily see that $\ell \in \{3,\ 1 + 2^{-1},\ p,\ p,\ 2 - 2^{-1},\ 3\} = \{3,\ 1 + 2^{-1},\ p\}$ (we use $1 + 2^{-1} = 2 - 2^{-1}$ Mod $p$), that is, $\{1, 2, 3\} \sim \{1, 2, 1 + 2^{-1}\} \sim \{1, 2, p\}$. Assume now that $m \notin \{3,\ 1 + 2^{-1},\ p\}$ (certainly, $1 + 2^{-1} \neq 3$, nor $p$ Mod $p$). Further, if $p \equiv 1 \pmod 6$, then Gauss' quadratic reciprocity law for the Jacobi symbol implies $\left(\frac{3}{p}\right)\left(\frac{p}{3}\right) = (-1)^{(3-1)(p-1)/4}$, hence $\left(\frac{-3}{p}\right) = \left(\frac{-1}{p}\right)\left(\frac{3}{p}\right) = \left(\frac{p}{3}\right) = 1$, and so, $-3$ is a quadratic residue modulo $p$. Thus $(3 \pm (-3)^{1/2})2^{-1}$ exists Mod $p$ (this is obtained by equating $m = 1 - (m-2)^{-1} = 2 - (m-1)^{-1}$, or $1 + (m-1)^{-1} = 3 - m = 2 + (m-2)^{-1}$). If $m$ is any of these two values $(3 \pm (-3)^{1/2})2^{-1}$, then the set (2) consists of only two elements. In all other cases, the set (2) contains six different elements, as one can easily see. Then the number of nonequivalent classes if $p \equiv 1 \pmod 6$ is

$$E(p) = 1 + 1 + \frac{p - 2 - 5}{6} = \frac{6k + 1 + 12 - 7}{6} = k + 1.$$


If $p \equiv 5 \pmod 6$, then $-3$ is not a quadratic residue modulo $p$, and so, the above class of cardinality 2 does not exist. Thus, besides $\{3,\ 1 + 2^{-1},\ p\}$, every other class contains six elements, and so, the number of equivalence classes for $p \equiv 5 \pmod 6$ is exactly

$$E(p) = 1 + \frac{p - 2 - 3}{6} = \frac{6k + 5 + 6 - 5}{6} = k + 1.$$

Regardless, $E(p) = \lfloor p/6 \rfloor + 1$, and the proof is done. □

Next, we apply our method to show the main result of [11, Theorem 6.1]. We adopt the convention that working in some $\mathbb{Z}_n$, $x^{-1}p^t$ exists if $p^a \,\|\, x = p^a y$, $a < t$, and $p^t x^{-1} := p^{t-a} y^{-1}$. We denote by $E(p^k)_1$, $E(p^k)_5$ the number of distinct equivalence classes of cubic MRS in $p^k$ variables, for $p \equiv 1 \pmod 6$, respectively, $p \equiv 5 \pmod 6$. We start with a lemma.

Lemma 6.4. Using the notations of Lemma 6.2, any class $\{1,\ p^s + 1,\ ap^{s+1} + 1\}$ (potentially, $p$ could further divide $a$) is equivalent to a class $\{1,\ p^s + 1,\ bp^s + 1\}$, where $\gcd(b, p) = 1$. Furthermore, if $2 < a$, $ap^s + 1 < p^k$, $p^w < cp^w < p^k$ and $\{1,\ p^s + 1,\ bp^s + 1\} \sim \{1,\ p^w + 1,\ cp^w + 1\}$, $\gcd(bc, p) = 1$, then $s = w$. (All equivalences are considered Mod $p^k$.)
Proof. The first claim follows easily by taking, for instance, $u = -1$, $v = p^s + 2$, $b = 1 - ap$, since then $u\{1,\ p^s + 1,\ ap^{s+1} + 1\} + v = \{1,\ p^s + 1,\ bp^s + 1\}$.

Regarding the second claim, without loss of generality, we assume $0 < s < w$. Let $u, v$ with $\gcd(u, p^k) = 1$ be such that the corresponding map takes the first support onto the second. Solving the corresponding systems we obtain the following possibilities for $(u, v, c)$:

(P1): $(p^{w-s},\ 1 - p^{w-s},\ b)$;

(P2): $(p^{w-s}b^{-1},\ 1 - p^{w-s}b^{-1},\ b^{-1})$;

(P3): $(-p^{w-s},\ 1 + p^w + p^{w-s},\ 1 - b)$;

(P4): $(p^{w-s}(b-1)^{-1},\ 1 - p^{w-s}(p^s + 1)(b-1)^{-1},\ -(b-1)^{-1})$;

(P5): $(-p^{w-s}b^{-1},\ 1 + p^w + p^{w-s}b^{-1},\ 1 - b^{-1})$;

(P6): $(-p^{w-s}(b-1)^{-1},\ 1 + p^{w-s}(bp^s + 1)(b-1)^{-1},\ b(b-1)^{-1})$.

Certainly, (P1) cannot happen unless $w = s$; in (P2), since $c = b^{-1}$ and $p \nmid b$, then $u = p^{w-s}b^{-1}$ and $\gcd(u, p) = 1$ forces $w = s$; in (P3), since $u = -p^{w-s}$ and $\gcd(u, p) = 1$, we need $w = s$; in (P4), since $c = -(b-1)^{-1}$, then $p \nmid b - 1$, and so $u = p^{w-s}(b-1)^{-1}$ and $p \nmid u$ forces $w = s$; in (P5), since $p \nmid b$, then $u = -p^{w-s}b^{-1}$ forces $w = s$; in (P6), since $c = b(b-1)^{-1}$, then $p \nmid b - 1$, and so $u = -p^{w-s}(b-1)^{-1}$ forces $w = s$. □


Theorem 6.5. Let $p > 5$ be a prime number. The number of equivalence classes in $p^k$ ($k > 2$) variables is

$$E(p^k)_1 = \frac{(p+1)(p^k - 1)}{6(p-1)} + \frac{2k}{3}, \qquad (3)$$

$$E(p^k)_5 = \frac{(p+1)(p^k - 1)}{6(p-1)}. \qquad (4)$$

Proof. Let $h$ be a $p^k$ ($k > 2$) variables cubic MRS with $\Delta(h) = \{1, i, j\}$. We first assume that $\gcd(i-1, n) = \gcd(j-1, n) = \gcd(i-j, n) = 1$. By Lemma 6.2, in the equivalence class of $h$ there exist functions $f$ with $\Delta(f) = \{1, 2, m\}$. As in Theorem 6.3, the only possibilities for $\ell$ with $\{1, 2, m\} \sim \{1, 2, \ell\}$ are in the set

$$\{m,\ 1 + (m-1)^{-1},\ 3 - m,\ 1 - (m-2)^{-1},\ 2 - (m-1)^{-1},\ 2 + (m-2)^{-1}\}. \qquad (5)$$

We distinguish several cases. We adopt the convention that the expressions are regarded Mod $p^k$.

Case 1. $\gcd(m-1, p) = \gcd(m-2, p) = 1$. As before, if $m = 3$, then the class of $\{1, 2, 3\}$ contains three distinct cases $\{1, 2, \ell\}$, where $\ell \in \{3,\ 1 + 2^{-1},\ p^k\}$. As before, $-3$ is a quadratic residue modulo $p^k$ when $p \equiv 1 \pmod 6$, and so, there is another class containing two functions $g$ with $\Delta(g) = \{1, 2, (3 \pm (-3)^{1/2})2^{-1}\}$ in this case only. Under the assumption $\gcd(m-1, p) = \gcd(m-2, p) = 1$ and $m \notin \{3,\ 1 + 2^{-1},\ (3 \pm (-3)^{1/2})2^{-1},\ p^k\}$, the set (5) contains distinct elements.

Since $3 < m < p^k$ there are $p^k - 2$ choices for $m$, from which we take away the ones that do not satisfy $\gcd(m-1, p) = \gcd(m-2, p) = 1$ (there are $2(p^{k-1} - 1)$ of those), and so the contribution to $E(p^k)_1$ in this case is

$$1 + 1 + \frac{p^k - 2 - 2(p^{k-1} - 1) - 5}{6} = \frac{p^k - 2p^{k-1} + 7}{6}, \qquad (6)$$

and to $E(p^k)_5$ is

$$1 + \frac{p^k - 2 - 2(p^{k-1} - 1) - 3}{6} = \frac{p^k - 2p^{k-1} + 3}{6}. \qquad (7)$$

Case 2. $\gcd(m-1, p) \neq 1$, or $\gcd(m-2, p) \neq 1$ (obviously, they cannot both happen). Then there are four possible values for $\ell$, namely $\ell \in \{m,\ 3 - m,\ 1 - (m-2)^{-1},\ 2 + (m-2)^{-1}\}$, if $\gcd(m-1, p) \neq 1$; or $\{m,\ 1 + (m-1)^{-1},\ 3 - m,\ 2 - (m-1)^{-1}\}$, if $\gcd(m-2, p) \neq 1$. (We observe that if $k = 2$, then either set can be simplified as $\{m,\ 3 - m,\ m + 1,\ 2 - m\}$, all distinct.) The contribution to both $E(p^k)_1$ and $E(p^k)_5$ in this case is

$$\frac{2(p^{k-1} - 1)}{4} = \frac{p^{k-1} - 1}{2}. \qquad (8)$$

We now look at the cases when the equivalence classes do not contain any MRS $f$ with $\Delta(f) = \{1, 2, m\}$, rather $\{1,\ p^s + 1,\ m\}$ with $p^s \mid m - 1$, $1 < s < k - 1$.

Next, we fix $s$ with $1 < s < k - 1$, and (by Lemma 6.4) we assume that the MRS classes based on $\{1,\ p^s + 1,\ ap^s + 1\}$ and $\{1,\ p^s + 1,\ bp^s + 1\}$ are equivalent, $2 < a, b < p^{k-s} - 1$, $\gcd(ab, p) = 1$. As before, using Theorem 6.1, the possible values for $(b;\ u, v)$ such that $u\{1,\ p^s + 1,\ ap^s + 1\} + v = \{1,\ p^s + 1,\ bp^s + 1\}$ are:

$$\begin{aligned}
&(a;\ 1,\ 0),\quad (a^{-1};\ a^{-1},\ 1 - a^{-1}),\quad (1 - a;\ -1,\ 2 + p^s),\\
&((1-a)^{-1};\ -(1-a)^{-1},\ (2 - a + p^s)(1-a)^{-1}),\\
&(1 - a^{-1};\ -a^{-1},\ 1 + p^s + a^{-1}),\\
&(1 + (a-1)^{-1};\ -(a-1)^{-1},\ a(p^s + 1)(a-1)^{-1}).
\end{aligned} \qquad (9)$$

Case 3. Let $a \not\equiv 0, 1 \pmod p$. If $a = 2$, then (9) (since it is not relevant for our discussion we give up the values of $u, v$) shrinks to $\{2,\ 2^{-1},\ -1\}$.

If $p \equiv 1 \pmod 6$, $-3$ is a quadratic residue modulo $p^k$; then for $a = (1 \pm (-3)^{1/2})2^{-1}$, the set of $b$'s from (9) shrinks further into the set of cardinality two (since in this case $a = (1-a)^{-1} = 1 - a^{-1}$ and $a^{-1} = 1 - a = a(a-1)^{-1}$).

In this case, if $a \notin \{2,\ 2^{-1},\ -1,\ (1 \pm (-3)^{1/2})2^{-1}\}$ when $p \equiv 1 \pmod 6$, respectively, $a \notin \{2,\ 2^{-1},\ -1\}$ when $p \equiv 5 \pmod 6$, then the set (9) contains six distinct elements.

The number of $a$'s in the interval $[2,\ p^{k-s} - 1]$ that are $\equiv 1 \pmod p$ is $(p^{k-s-1} - 1)$, and so, the number of $a \not\equiv 0, 1 \pmod p$ is $(p^{k-s} - 2) - 2(p^{k-s-1} - 1) = p^{k-s} - 2p^{k-s-1}$. The contribution to $E(p^k)_1$ in this case (for every value of $1 < s < k - 1$) is

$$\sum_{s=1}^{k-1}\left(1 + 1 + \frac{(p^{k-s} - 2p^{k-s-1}) - 5}{6}\right) = \frac{(p-2)p^{k-1} + p(7k - 8) - 7k + 9}{6(p-1)}, \qquad (10)$$

and the contribution to $E(p^k)_5$ in this case (for every value of $1 < s < k - 1$) is

$$\sum_{s=1}^{k-1}\left(1 + \frac{(p^{k-s} - 2p^{k-s-1}) - 3}{6}\right) = \frac{(p-2)p^{k-1} + p(3k - 4) - 3k + 5}{6(p-1)}. \qquad (11)$$

Case 4. Let $a \equiv 1 \pmod p$. Recall that $a \not\equiv 0 \pmod p$, so the only possibilities for $b$ in (9) are $a,\ a^{-1}$. The contribution to $E(p^k)_1$ or $E(p^k)_5$ in this case (for every value of $1 < s < k - 1$) is

$$\sum_{s=1}^{k-1}\frac{p^{k-s-1} - 1}{2} = \frac{p^{k-1} - p(k-1) + k - 2}{2(p-1)}. \qquad (12)$$

Summing Eqs. (6), (8), (10), (12), respectively, with (7), (8), (11), (12), we obtain the expressions for $E(p^k)_1$, respectively, $E(p^k)_5$. □

To show that the number of cubic MRS in $2^k$ ($k > 4$) number of variables is $E(2^k) = 2^{k-1} + k - 1$ is actually easier than the previous proof. We omit the details, but each class has as a representative either $\{1, 2, 3\}$, $\{1, 2, 2^{k-1}\}$, $\{1, 2, 2^{k-1} + 1\}$, all of cardinality two, or some other $\{1, 2, m\}$ of cardinality four, or a triple $\{1,\ 2^s + 1,\ a2^s + 1\}$ of cardinality 1, 2, 4.

We  independently  derived  the  next  result  (we  found  out  after  submitting  this  work  that  the  recent  paper  [14]  gives  this 
result  with  no  restriction  on  p,  q)  that  seemed  complicated  to  obtain  via  the  previously  published  methods,  that  is,  we  find 
the  number  of  equivalence  classes  for  cubic  MRS  in  n  =  pq  (for  primes  3  <  p  <  q)  variables. 


Theorem 6.6. Let $5 < p < q < p^2$ be prime numbers. The number of S-equivalence classes for cubic MRS in $n = pq$ number of variables is

$$E(pq)_{1,1} = \frac{pq + 2(p+q) + 25}{6} \quad \text{if } p \equiv 1 \pmod 6 \text{ and } q \equiv 1 \pmod 6,$$

$$E(pq)_{1,5} = \frac{pq + 2(p+q) + 13}{6} \quad \text{if } p \equiv 1 \pmod 6 \text{ and } q \equiv 5 \pmod 6,$$

$$E(pq)_{5,1} = \frac{pq + 2(p+q) + 13}{6} \quad \text{if } p \equiv 5 \pmod 6 \text{ and } q \equiv 1 \pmod 6,$$

$$E(pq)_{5,5} = \frac{pq + 2(p+q) + 9}{6} \quad \text{if } p \equiv 5 \pmod 6 \text{ and } q \equiv 5 \pmod 6.$$

Proof. Let $\{1, i, j\}$ (with $1 < i < j$) be the support of an MRS. By Lemma 6.2, if $\gcd(i-1, n) = 1$, or $\gcd(j-1, n) = 1$, then its class will contain an MRS with support $\{1, 2, m\}$. Assume now that $\gcd(i-1, n) \neq 1$ and $\gcd(j-1, n) \neq 1$. There are several options: either $p \mid \gcd(i-1, j-1)$, or $q \mid \gcd(i-1, j-1)$. As before it is easy to show that every such S-equivalent class will contain an MRS with support $\{1,\ p + 1,\ ap + 1\}$, $p \,\|\, \gcd(i-1, j-1)$, $a > 1$, respectively, $\{1,\ q + 1,\ bq + 1\}$, $q \,\|\, \gcd(i-1, j-1)$, $b > 1$, $\gcd(ab, pq) = 1$. Further, the classes $\{1,\ p + 1,\ ap + 1\}$ and $\{1,\ q + 1,\ bq + 1\}$ will never overlap, since otherwise, there exist $u, v \in \mathbb{Z}_{pq}$ with $\gcd(u, pq) = 1$ such that $u\{1,\ p + 1,\ ap + 1\} + v = \{1,\ q + 1,\ bq + 1\}$, which could only happen for $(u, v, b)$ equal to one of the following six cases:

$(qp^{-1},\ 1 - qp^{-1},\ a)$;

$(q(ap)^{-1},\ 1 - q(ap)^{-1},\ a^{-1})$;

$(-qp^{-1},\ 1 + q + qp^{-1},\ 1 - a)$;

$(q((a-1)p)^{-1},\ 1 + q(p+1)((1-a)p)^{-1},\ (1-a)^{-1})$;

$(-q(ap)^{-1},\ 1 + q + q(ap)^{-1},\ 1 - a^{-1})$;

$(q((1-a)p)^{-1},\ 1 + q(ap+1)((a-1)p)^{-1},\ a(a-1)^{-1})$,

which are all impossible (since $x$ is invertible if and only if $\gcd(x, pq) = 1$).

Thus, it is sufficient to count the disjoint classes containing $\{1, 2, m\}$, $\{1,\ p + 1,\ ap + 1\}$, or $\{1,\ q + 1,\ bq + 1\}$, with $\gcd(a, p) = 1$ and $\gcd(b, q) = 1$.

Case 1. S-equivalent classes with a representative $\{1, 2, m\}$. If $\{1, 2, m\} \sim \{1, 2, \ell\}$, then the possible values for $\ell$'s are in the set:

$$\{m,\ 3 - m,\ 1 + (m-1)^{-1},\ 1 - (m-2)^{-1},\ 2 - (m-1)^{-1},\ 2 + (m-2)^{-1}\}. \qquad (13)$$

Case 1.1. Let $m$ be such that $p \mid m - 1$, $q \mid m - 2$, or $p \mid m - 2$, $q \mid m - 1$. Since in that case we need to have $ap - bq = 1$, it is known that there are two solutions for that identity with $|a| < q$, $|b| < p$ (if $a > 0$, $b > 0$, then the other values are $a' = a - q$, $b' = b - p$, and if $a < 0$, $b < 0$, then the other values are $a' = q + a$, $b' = p + b$), and therefore, two such values for $m$, say $m_0$, $m_1$ (if, for example, $m_0 = ap + 1 = bq + 2$, for some $a, b$, then $m_1 = (q - a)p + 2 = (p - b)q + 1$, all in Mod $pq$). Then $\{1, 2, m_0\} \sim \{1, 2, m_1\}$ (that is easily seen, since, for instance, if $m_0 = ap + 1 = bq + 2$, then by taking $(u, v, \ell) = (-1,\ 3,\ 2 - ap) = (-1,\ 3,\ m_1)$, we get the equivalence). (As an observation, these two values in (13) are $\{m,\ 3 - m\}$.) Let $m$ be such that $p \mid m - 1$, $q \mid m - 3$, or $p \mid m - 3$, $q \mid m - 1$. Then we need to have $\alpha p - \beta q = 2$, which is treated by the previous argument (in this case $\alpha, \beta$ are obtained by multiplying by 2 the previous pair $a, b$).

The contribution of this case to any of the $E(pq)_{\cdot,\cdot}$'s is

$$2. \qquad (14)$$

Case 1.2. If $m = 3$, then we see that the class of $\{1, 2, 3\}$ contains $\{1, 2, m\}$, where $m \in \{3,\ 1 + 2^{-1},\ pq\}$. If both $p, q \equiv 1 \pmod 6$, then $-3$ is a quadratic residue modulo $pq$ and so, there are two more classes $\{1, 2, m\}$ of cardinality two, where $m = (3 \pm \alpha)2^{-1}$ Mod $pq$, with $\alpha^2 \equiv -3 \pmod{pq}$ (recall that there are two values of $|\alpha|$).

The contribution of this case to both $E(pq)_{1,\cdot}$ and $E(pq)_{\cdot,1}$, respectively, $E(pq)_{5,5}$ is

$$1 + 2, \quad \text{respectively,} \qquad (15)$$

$$1. \qquad (16)$$

We next assume that $m \notin \{3,\ 1 + 2^{-1},\ pq,\ (3 \pm (-3)^{1/2})2^{-1}\}$, if both $p, q \equiv 1 \pmod 6$, and that $m \notin \{3,\ 1 + 2^{-1},\ pq\}$, if either $p, q \equiv 5 \pmod 6$.

Case 1.3. Let $\gcd(m-1, pq) \neq 1$, $\gcd(m-2, pq) = 1$, $\gcd(m-3, pq) = 1$, or $\gcd(m-1, pq) = 1$, $\gcd(m-2, pq) \neq 1$, $\gcd(m-3, pq) = 1$. The possible values of $\ell$ in this case, from Eq. (13), are

$\{m,\ 3 - m,\ 1 - (m-2)^{-1},\ 2 + (m-2)^{-1}\}$, respectively,

$\{m,\ 3 - m,\ 1 + (m-1)^{-1},\ 2 - (m-1)^{-1}\}$.

It is easy to see that in reality the two possibilities will not have different contributions to $E(pq)_{\cdot,\cdot}$, since if $r \mid m - 1$, for $r \in \{p, q\}$, then $r \mid (3 - m) - 2$. Thus, the number of $m$'s in the interval $[3, pq]$, under the given conditions, is exactly $2(p + q - 6)$, and so, the contribution of this case to $E(pq)_{\cdot,\cdot}$ is

$$\frac{2(p + q - 6)}{4} = \frac{p + q - 6}{2}.$$

We remark that we do not have to consider the case of $\gcd(m-1, pq) \neq 1$, $\gcd(m-2, pq) = 1$, $\gcd(m-3, pq) \neq 1$, or, $\gcd(m-1, pq) = 1$, $\gcd(m-2, pq) \neq 1$, $\gcd(m-3, pq) \neq 1$, since this prompts $\ell \in \{m,\ 3 - m\}$, which was treated in Case 1.2.

By using an inclusion-exclusion argument, we see that the number of integers $m$ with $\gcd(m-1, pq) \neq 1$ or $\gcd(m-2, pq) \neq 1$ is $2(p + q - 3)$, and so, the contribution to $E(pq)_{1,1}$ of classes with representative $\{1, 2, m\}$ for this case is

$$2 + 1 + 2 + \frac{p + q - 6}{2} + \frac{(pq - 2) - 2(p + q - 6) - 7}{6} = \frac{pq + p + q + 15}{6}, \qquad (18)$$

and the contribution to $E(pq)_{\cdot,5}$ or $E(pq)_{5,\cdot}$ is

$$2 + 1 + \frac{p + q - 6}{2} + \frac{(pq - 2) - 2(p + q - 6) - 3}{6} = \frac{pq + p + q + 7}{6}. \qquad (19)$$

Case 2. S-equivalent classes with a representative $\{1,\ p + 1,\ ap + 1\}$, where $2 < a < p$, $\gcd(a, pq) = 1$. The possible values of $a$'s are:

$$\{a,\ a^{-1},\ 1 - a,\ (a-1)^{-1},\ 1 - a^{-1},\ 1 + (a-1)^{-1}\}.$$

The set of possible $a$'s for the equivalence class of $\{1,\ p + 1,\ ap + 1\}$ (using only the $a$'s that satisfy $p + 1 < ap + 1 < pq$, $\gcd(a, pq) = 1$) is $\{2,\ 2^{-1},\ -1\}$ for $a = 2$; $\{(1 \pm \alpha)2^{-1}$ Mod $q\}$, $\alpha^2 \equiv -3 \pmod q$, if $q \equiv 1 \pmod 6$; or $\{a,\ a^{-1},\ 1 - a,\ (a-1)^{-1},\ 1 - a^{-1},\ 1 + (a-1)^{-1}\}$ in any other case. The contribution of this case to $E(pq)_{1,1}$ or $E(pq)_{5,1}$ is

$$1 + 1 + \frac{(q - 2) - 3 - 2}{6} = \frac{q + 5}{6}, \qquad (20)$$

and the contribution of this case to $E(pq)_{1,5}$ or $E(pq)_{5,5}$ is

$$1 + \frac{(q - 2) - 3}{6} = \frac{q + 1}{6}. \qquad (21)$$

Case 3. S-equivalent classes with a representative $\{1,\ q + 1,\ bq + 1\}$, $2 < b < p - 1$. The possible $b$'s are:

$$\{b,\ b^{-1},\ 1 - b,\ (b-1)^{-1},\ 1 - b^{-1},\ 1 + (b-1)^{-1}\}. \qquad (22)$$

Since $n = pq$, $p < q$, and $bq + 1 < pq$, then $\gcd(b, pq) = \gcd(b - 1, pq) = 1$. As before, there are two classes generated by $b \in \{2,\ 2^{-1},\ -1\}$; or $b \in \{(1 \pm \beta)2^{-1}$ Mod $p\}$ ($\beta^2 \equiv -3 \pmod p$ if $p \equiv 1 \pmod 6$). If $b$ is not any of these values, then the previous displayed set (22) has cardinality six. The contribution to $E(pq)_{1,\cdot}$ is

$$1 + 1 + \frac{(p - 2) - 5}{6} = \frac{p + 5}{6}, \qquad (23)$$

and the contribution of these cases to $E(pq)_{5,\cdot}$ is

$$1 + \frac{(p - 2) - 3}{6} = \frac{p + 1}{6}. \qquad (24)$$

Thus, putting together Eqs. (18), (19), (20), (21), (23) and (24) we get the claim. □
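The counts of Theorems 6.3, 6.5 and 6.6 can be checked by brute force. The following added example (not code from the paper) assumes the criterion of Theorem 6.1, namely that two cubic supports are equivalent exactly when $\Delta(g) = u\Delta(f) + v$ with $\gcd(u, n) = 1$, and that $3 \nmid n$; all function names are chosen here for illustration.

```python
from fractions import Fraction
from math import gcd


def canonical_support(support, n, units=None):
    """Least image (sorted tuple with entries in 1..n, the 'capital Mod'
    convention) of `support` under Delta -> u*Delta + v, gcd(u, n) = 1."""
    if units is None:
        units = [u for u in range(1, n + 1) if gcd(u, n) == 1]
    best = None
    for u in units:
        scaled = [(u * s) % n for s in support]
        # The least image always has one element shifted onto 1, so only
        # len(support) translations need to be tried for each unit u.
        for pivot in scaled:
            image = tuple(sorted((x - pivot) % n + 1 for x in scaled))
            if best is None or image < best:
                best = image
    return best


def class_representatives(n):
    """Canonical supports of all classes of cubic supports {1, i, j}."""
    units = [u for u in range(1, n + 1) if gcd(u, n) == 1]
    return sorted({canonical_support((1, i, j), n, units)
                   for i in range(2, n + 1) for j in range(i + 1, n + 1)})


def count_classes(n):
    return len(class_representatives(n))


def m_values_by_class(n):
    """Group the m in [3, n] by the class of {1, 2, m} (the sets of l's
    that the proofs enumerate). Classes with no {1, 2, m} are omitted."""
    groups = {}
    for m in range(3, n + 1):
        groups.setdefault(canonical_support((1, 2, m), n), []).append(m)
    return groups


def formula_prime(p):
    """Theorem 6.3, in the form reached in its proof: k + 1, k = floor(p/6)."""
    return p // 6 + 1


def formula_prime_power(p, k):
    """Theorem 6.5, Eqs. (3) and (4)."""
    value = Fraction((p + 1) * (p**k - 1), 6 * (p - 1))
    if p % 6 == 1:
        value += Fraction(2 * k, 3)
    return value


def formula_pq(p, q):
    """Theorem 6.6; the constant depends on p and q modulo 6."""
    const = {(1, 1): 25, (1, 5): 13, (5, 1): 13, (5, 5): 9}[(p % 6, q % 6)]
    return Fraction(p * q + 2 * (p + q) + const, 6)


if __name__ == "__main__":
    checks = [(7, formula_prime(7)), (11, formula_prime(11)),
              (13, formula_prime(13)), (49, formula_prime_power(7, 2)),
              (77, formula_pq(7, 11))]
    for n, predicted in checks:
        print(f"n={n}: brute force {count_classes(n)}, formula {predicted}")
    # For p = 13 the three classes have 3, 6 and 2 values of m, matching
    # the class sizes used in the proof of Theorem 6.3 for p = 1 (mod 6).
    print(m_values_by_class(13))
```

For $p = 13$ the grouping shows the class $\{3,\ 1 + 2^{-1},\ p\} = \{3, 8, 13\}$, one class of six values, and the two-element class $\{5, 11\}$ coming from $(3 \pm (-3)^{1/2})2^{-1}$.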


Remark 6.7. If we do not impose the condition that $q < p^2$, then the only difference would be in Case 2, where we might have classes with representatives $\{1,\ p^2 + 1,\ ap^2 + 1\}$, $\gcd(a, pq) = 1$, where $a$ could be:

$\{a,\ a^{-1}\}$, if $a \equiv 1 \pmod p$;

$\{2,\ 2^{-1},\ -1\}$, for $a = 2$;

$\{(1 \pm \alpha)2^{-1}$ Mod $q\}$, $\alpha^2 \equiv -3 \pmod q$, if $q \equiv 1 \pmod 6$;

$\{a,\ a^{-1},\ 1 - a,\ (a-1)^{-1},\ 1 - a^{-1},\ 1 + (a-1)^{-1}\}$, otherwise.


Can our method based upon Theorem 5.2 and a result similar to Theorem 6.1 be extended to count the equivalence classes of quartic, quintic, etc., MRS? Presumably, yes, as long as the P-Q equivalence can be characterized via the equivalent residue classes, that is, $\Delta(f) \sim \Delta(g)$ where $\Delta(g) = u\Delta(f) + v$, $u, v \in \mathbb{Z}_n$, $\gcd(u, n) = 1$. For example, from what is known [40] we infer that such a result happens for quartics, quintics in $n$ variables, assuming that every prime factor of $n$ is greater than 23, respectively 40. We can also infer from what is known about Adam's conjecture [32] that, regardless of the degree of the MRS, we have a similar result as [40, Theorem 1.1] for $n = 4p$ ($p$ prime), or squarefree integers $n$, which along with our Theorem 5.2 would enable one to count, or at least estimate, the equivalence classes of any degree MRS in these cases.


7. A simple criterion for (non)equivalence

In  this  section  we  want  to  find  a  simple  criterion  to  detect  (non)equivalence  between  two  given  MRS.  To  that  end,  we 
consider  matrix  inverses  and  generalizations,  but  first  a  result  on  polynomials. 

Lemma 7.1. Let $f$ be an MRS Boolean function, and $F_i$, $i = 1, 2$, be the generating polynomials for the circulant matrices $M_1 = C(a_1, a_2, \ldots, a_n)$, respectively, $M_2 = C(b_1, \ldots, b_n)$ in $\mathcal{A}_f$, where $(b_1, \ldots, b_n) = \rho^k(a_1, \ldots, a_n)$, for some $k$. Then, $\gcd(F_1(z), z^n - 1) = \gcd(F_2(z), z^n - 1)$.

Proof. Since $(b_1, b_2, \ldots, b_n) = \rho^k(a_1, a_2, \ldots, a_n)$, for some $k$, an inductive argument will show the lemma, if we can prove the claim for $k = 1$, namely, for $(b_1, b_2, \ldots, b_n) = (a_n, a_1, \ldots, a_{n-1})$. That is, for $F_1(z) = a_1 + a_2 z + \cdots + a_n z^{n-1}$ and $F_2(z) = a_n + a_1 z + \cdots + a_{n-1} z^{n-1}$, we need to show that $\gcd(F_1(z), z^n - 1) = \gcd(F_2(z), z^n - 1)$. Certainly, $zF_1(z) - F_2(z) = a_n(z^n - 1)$, and so, $\gcd(F_1(z), z^n - 1) = \gcd(zF_1(z), z^n - 1) = \gcd(a_n(z^n - 1) + F_2(z), z^n - 1) = \gcd(F_2(z), z^n - 1)$. The lemma is proved. □

The  following  result  is  simple  to  show  and  well-known  (see,  for  instance,  [4,  Theorem  2.2],  or  [39],  although  the  result 
appears  much  earlier  [24]). 

Theorem 7.2. Let $A = C(a_1, a_2, \ldots, a_n)$ be a binary circulant matrix with generating polynomial $F(z) = a_1 + a_2 z + \cdots + a_n z^{n-1} \in \mathbb{F}_2[z]$. If $\gcd(F, z^n - 1) = 1$, then the matrix $A$ is invertible and its inverse is $A^{-1} = C(\alpha_1, \ldots, \alpha_n)$, where $(\alpha_1, \alpha_2, \ldots, \alpha_n)$ is the unique solution of

$$(\alpha_1, \alpha_2, \ldots, \alpha_n) \cdot A = (1, 0, \ldots, 0).$$

Moreover, if $F^*(z) = \sum_{j=1}^{n} \alpha_j z^{j-1}$, then $F(z) \cdot F^*(z) \equiv 1 \pmod{z^n - 1}$.

However, the situation when $\gcd(F, z^n - 1) \neq 1$ is not so easy. For a square matrix $A$, we call a matrix $A^*$ (of the same dimension) a generalized inverse if $AA^*A = A$. Let $A^{+}$ be the (binary) reflexive generalized inverse, which satisfies $AA^{+}A = A$, $A^{+}AA^{+} = A^{+}$. In addition, if both $AA^{+}$, $A^{+}A$ are symmetric, then $A^{+}$ is called a (Moore-Penrose) pseudoinverse [1]. It is known [34] that matrices over finite fields have at least one generalized inverse; however, if the pseudoinverse exists, it is unique. Also, it is not known if any of these generalized inverses are circulant, and our first result of this section deals with this problem.

Theorem 7.3. Let $A = C(a_1, \ldots, a_n)$ be a circulant matrix over $\mathbb{F}_2$ of generating polynomial $F = \sum_{j=1}^{n} a_j z^{j-1} \in \mathbb{F}_2[z]$. Let $\gcd(F(z), z^n - 1) = D(z)$, $z^n - 1 = H(z) \cdot D(z)$, and assume that $\gcd(D(z), H(z)) = 1$. Then the polynomial $F$ is invertible modulo $H$, that is, there exists $F^*(z) = \sum_{j=1}^{n} \alpha_j z^{j-1}$ with $F(z) \cdot F^*(z) \equiv 1 \pmod{H(z)}$. Moreover, the circulant matrix $A$ has a circulant generalized inverse, precisely, $AA^*A = A$, where $A^* = C(\alpha_1, \ldots, \alpha_n)$. If further, $\gcd(F, z^n - 1) = \gcd(F^*, z^n - 1)$, then $A^*$ is in fact the reflexive generalized inverse $A^{+}$, that is, it also satisfies $A^*AA^* = A^*$.

Proof. Let $n = 2^t m$ with $m$ odd, and $t$ an arbitrary integer. It is known that every irreducible factor of $z^n - 1$ (over $\mathbb{F}_2$) appears at the power $2^t$. Let $\Phi(z)$ be an arbitrary irreducible factor of $H(z) = (z^n - 1)/D(z)$. Since $\gcd(D(z), H(z)) = 1$, then $\gcd(F(z), \Phi(z)) = 1$ and so, the class of $F(z)$ is invertible in the ring $\mathbb{F}_2[z]/\langle \Phi^{2^t} \rangle$, that is, there exists $F_\Phi(z)^*$ with $F(z) \cdot F_\Phi(z)^* \equiv 1 \pmod{\Phi^{2^t}}$. Using the fact that $H(z) = \prod_{\text{distinct } \Phi} \Phi^{2^t}$ and applying the Chinese Remainder Theorem, we obtain that there exists $F^*$ with $F(z) \cdot F^*(z) \equiv 1 \pmod{H(z)}$. Moreover, $F^*(z)$ is unique modulo $H(z)$.

To show the second claim of our theorem, we assume that $F \cdot F^* \equiv 1 \pmod H$, where $F^*(z) = \sum_{j=1}^{n} \alpha_j z^{j-1}$, and we will show that $AA^*A = A$, where $A^* = C(\alpha_1, \ldots, \alpha_n)$.

Let $R$ be the quotient ring $\mathbb{F}_2[z]/\langle H(z) \rangle$. Since $D$ divides $F$ and $H$ divides $FF^* - 1$, then $z^n - 1 = HD$ divides $F(FF^* - 1)$ and so, we have the identity $F^2F^* = F$ in $\mathbb{F}_2[z]/\langle z^n - 1 \rangle$. Multiplying out the polynomials $F^2$, $F^*$, and reducing modulo $z^n - 1$, we obtain

$$\sum_{2i+k \equiv 3 \ (\mathrm{mod}\ n)} a_i\alpha_k + \left(\sum_{2i+k \equiv 4 \ (\mathrm{mod}\ n)} a_i\alpha_k\right) z + \cdots + \left(\sum_{2i+k \equiv 2 \ (\mathrm{mod}\ n)} a_i\alpha_k\right) z^{n-1},$$

which implies the corresponding circulant matrices are equal, thus $AA^*A = A$.

Using $\gcd(F(z), z^n - 1) = \gcd(F^*(z), z^n - 1)$, by a similar argument as before, we get that $A$ is also a generalized inverse for $A^*$, that is, $A^*AA^* = A^*$, which shows the last claim of our theorem. □

Remark  7.4.  Although  there  are  plenty  of  generalized  inverses  (many  of  which  are  circulant)  in  general,  we  want  to  point  out 
that  by  Theorem  7.3  the  polynomials  associated  to  these  generalized  inverses  are  all  congruent  modulo  the  corresponding 
H.  Further,  if  the  associated  polynomial  F  is  invertible  modulo  H,  then  A  has  a  generalized  inverse,  but  the  converse  may  not 
be  true. 

What about the symmetry of $AA^*$ (needed for pseudoinverse)? Multiplying the circulant matrices and transposing shows that having $A$ and $A^*$ circulant does not necessarily imply that $AA^* = (AA^*)^T$ holds, in general.

Remark 7.5. It may be tempting to conjecture that every circulant matrix has a generalized inverse that is circulant. However, that is not so, if $\gcd(D, H) \neq 1$. For example, let $n = 6$, and $F(z) = 1 + z^3$. Since $z^6 - 1 = F(z)^2$, then (with the previous notations) $H(z) = D(z) = F(z)$, and consequently $F$ has no inverse modulo $F$. One can also easily check (as we did, using a computer program) that the circulant matrix $C(1, 0, 0, 1, 0, 0)$ corresponding to $F(z) = 1 + z^3$ has no circulant generalized inverse.
Regarding the singularity (or nonsingularity) of the associated circulant matrix to an MRS, we recall the following result [38,24], which gives a characterization of Boolean functions whose associated circulant matrices are singular (nonsingular).

Proposition 7.6. Let $f$ be a degree $d$ MRS with associated $\mathcal{A}_f = \langle C(a_1, \ldots, a_n) \rangle$ (assume that $a_1 = 1$). Let $\Delta(\mathcal{A}_f) = \{1, s_2, \ldots, s_d\}$. Then $\mathcal{A}_f$ is singular if and only if there is an $n$th root of unity $\mu$ such that $1 + \mu^{s_2 - 1} + \cdots + \mu^{s_d - 1} = 0$.

As a corollary, one gets easily the next result, also a consequence of [38, Lemma 3].

Corollary 7.7. With the notations of the previous proposition, we have:

(i) If $wt(\Delta(\mathcal{A}_f))$ is even, then $\mathcal{A}_f$ is singular.

(ii) Let $p$ be the least odd prime occurring in the factorization of $n$. Assume that $\Delta(\mathcal{A}_f) = \{1, s_2, \ldots, s_d\}$ has odd weight $d$ and $s_i < p - 2$. Then $\mathcal{A}_f$ is nonsingular.

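For a degree $d$ MRS $f$ with invertible class $\mathcal{A}_f$, we let $\Delta(\mathcal{A}_f^{-1}) = \{j_1, j_2, \ldots, j_t\}$ and we define the MRS dual function $f^*$ by

$$f^* = x_{j_1}x_{j_2}\cdots x_{j_t} + x_{j_1+1}x_{j_2+1}\cdots x_{j_t+1} + \cdots + x_{j_1-1}x_{j_2-1}\cdots x_{j_t-1}.$$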

Our  next  result  gives  a  (necessary,  but  not  sufficient)  extension  for  higher  degrees  of  Theorem  2.1. 

Theorem 7.8. Let $f$, $g$ be two MRS Boolean functions in $n$ variables. If $f \sim g$ (i.e., $f$, $g$ are affine equivalent by a permutation in $S_n$) and $\mathcal{A}_f$ is invertible, then $\mathcal{A}_g$ is also invertible, and the corresponding dual functions $f^*$, $g^*$ are S-equivalent. Hence $wt(\Delta(f)) = wt(\Delta(g))$ and $wt(\Delta(f^*)) = wt(\Delta(g^*))$.

Proof. Let A, B be representative circulant matrices of the classes $\mathcal{A}_f$, $\mathcal{A}_g$, respectively. From Theorem 5.2, there are permutation
matrices P, Q such that $PA = BQ$. Since A, P, Q are invertible, their determinants are all 1 (mod 2), and thus so is $\det(B)$.
Taking the inverse gives $A^{-1}P^{-1} = Q^{-1}B^{-1}$, or $QA^{-1} = B^{-1}P$. Then, again by Theorem 5.2, $f^* \sim g^*$ and so have equal degree.
In terms of the weights of rows of the matrices, if $A = C(a)$, $B = C(b)$, $A^{-1} = C(\alpha)$, $B^{-1} = C(\beta)$, then $wt(a) = wt(b)$ and
$wt(\alpha) = wt(\beta)$, and the theorem is shown. □

Remark 7.9. Note that any bit vector may be permuted to give any other of the same weight, so for the above vectors, some
permutation takes $a$ to $b$ and another takes $\alpha$ to $\beta$.

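Example 7.10. Take n = 5, and $f \sim g$ whose SANFs are $x_1x_2x_4$, respectively, $x_1x_2x_3$ (and so, $wt(\Delta(f)) = wt(\Delta(g))$).
Certainly,

$$\mathcal{A}_f = \langle C(1, 1, 0, 1, 0)\rangle, \quad \mathcal{A}_g = \langle C(1, 1, 1, 0, 0)\rangle;$$

$$\mathcal{A}_f^{-1} = \langle C(1, 1, 1, 0, 0)\rangle, \quad \mathcal{A}_g^{-1} = \langle C(1, 1, 0, 1, 0)\rangle$$

and so, $wt(\Delta(f^*)) = wt(\Delta(g^*))$ (in fact, in this case the dual of f is $f^* = g$). As another example, we take n = 8, f, g with
SANFs $x_1x_2x_4$, respectively, $x_1x_2x_6$ (and so, $wt(\Delta(f)) = wt(\Delta(g))$). We compute

$$\mathcal{A}_f = \langle C(1, 1, 0, 1, 0, 0, 0, 0)\rangle, \quad \mathcal{A}_g = \langle C(1, 1, 0, 0, 0, 1, 0, 0)\rangle;$$

$$\mathcal{A}_f^{-1} = \langle C(1, 1, 1, 1, 0, 1, 0, 0)\rangle, \quad \mathcal{A}_g^{-1} = \langle C(1, 1, 0, 0, 0, 1, 0, 0)\rangle,$$

and so, $wt(\Delta(f^*)) = 5 \neq wt(\Delta(g^*)) = 3$, therefore $f \not\sim g$.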

Remark 7.11. The conditions $wt(\Delta(f)) = wt(\Delta(g))$, $wt(\Delta(f^*)) = wt(\Delta(g^*))$ are not sufficient to ensure that the functions
f, g are S-equivalent. As an example, take n = 8 and f, g with $\Delta(f) = \{1, 2, 3\}$, $\Delta(g) = \{1, 2, 4\}$. The two functions
are not in the same S-equivalence class, yet $wt(\Delta(f)) = wt(\Delta(g)) = 3$ and $wt(\Delta(f^*)) = wt(\Delta(g^*)) = 5$, as one can check
easily.

For a degree d MRS f whose class $\mathcal{A}_f$ is not invertible, let the equivalence class of the pseudoinverse (also circulant) matrix
be denoted by $\mathcal{A}_f^\dagger$ (if it exists, it is unique), with $\Delta(\mathcal{A}_f^\dagger) = \{j_1, j_2, \ldots, j_t\}$. Then the pseudo-dual Boolean function is

$$f^\dagger = x_{j_1} x_{j_2} \cdots x_{j_t} + x_{j_1+1} x_{j_2+1} \cdots x_{j_t+1} + \cdots + x_{j_1-1} x_{j_2-1} \cdots x_{j_t-1}.$$

By abuse of notation, we let $wt(\Delta(f^\dagger)) := wt(\mathcal{A}_f^\dagger)$. We propose the following question, whose answer seems to be affirmative (supported
by a lot of computer data).

Open Problem. If $f \sim g$ with singular matrices $\mathcal{A}_f$, $\mathcal{A}_g$ admitting circulant pseudoinverses, is it true that $wt(\Delta(f)) = wt(\Delta(g))$
and $wt(\Delta(f^\dagger)) = wt(\Delta(g^\dagger))$?

While  we  cannot  answer  this  open  question  at  this  moment,  we  can  certainly  give  some  necessary  condition  for  the 
S-equivalence  (assuming  the  existence  of  pseudoinverses). 
Theorem 7.12. Let f, g be two n-variable MRS functions with $f \sim g$, and $\mathcal{A}_f = \langle C(a_1, \ldots, a_n)\rangle$, $\mathcal{A}_g = \langle C(a_{\pi(1)}, \ldots, a_{\pi(n)})\rangle$ (for
some permutation $\pi$), whose pseudoinverses are $\langle C(\alpha_1, \ldots, \alpha_n)\rangle$, $\langle C(\beta_1, \ldots, \beta_n)\rangle$. Let $\tau$ be the permutation $\tau(1) = 1$, $\tau(2) =
\lceil n/2 \rceil + 1$, $\tau(3) = 2$, $\tau(4) = \lceil n/2 \rceil + 2$, $\ldots$. The following statements are true:

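(i) Let n be odd. Then

$$(a_1, \ldots, a_n) = (a_{\tau(1)}, \ldots, a_{\tau(n)})\, C(\alpha_1, \ldots, \alpha_n)$$

$$(\alpha_1, \ldots, \alpha_n) = (\alpha_{\tau(1)}, \ldots, \alpha_{\tau(n)})\, C(a_1, \ldots, a_n)$$

$$(a_{\pi(1)}, \ldots, a_{\pi(n)}) = (a_{(\pi\circ\tau)(1)}, \ldots, a_{(\pi\circ\tau)(n)})\, C(\beta_1, \ldots, \beta_n)$$

$$(\beta_1, \ldots, \beta_n) = (\beta_{\tau(1)}, \ldots, \beta_{\tau(n)})\, C(a_{\pi(1)}, \ldots, a_{\pi(n)}).$$

(ii) Let n be even. Then

$$(a_1, \ldots, a_n) = (a_{\tau(1)} + a_{\tau(2)}, 0, a_{\tau(3)} + a_{\tau(4)}, 0, \ldots)\, C(\alpha_1, \ldots, \alpha_n)$$

$$(\alpha_1, \ldots, \alpha_n) = (\alpha_{\tau(1)} + \alpha_{\tau(2)}, 0, \alpha_{\tau(3)} + \alpha_{\tau(4)}, 0, \ldots)\, C(a_1, \ldots, a_n)$$

$$(a_{\pi(1)}, \ldots, a_{\pi(n)}) = (a_{(\pi\circ\tau)(1)} + a_{(\pi\circ\tau)(2)}, 0, \ldots)\, C(\beta_1, \ldots, \beta_n)$$

$$(\beta_1, \ldots, \beta_n) = (\beta_{\tau(1)} + \beta_{\tau(2)}, 0, \ldots)\, C(a_{\pi(1)}, \ldots, a_{\pi(n)}).$$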

Proof.  The  proof  is  straightforward,  using  the  commutativity  of  circulant  matrices,  but  rather  tedious.  □ 

For an MRS f, if $\mathcal{A}_f$ does not have a pseudoinverse, but only circulant generalized inverses, then the notion of dual is
not well-defined, since the weights of the (usually, more than one) generalized inverses differ. One might choose the first in
lexicographical order for the dual $f^*$, or allow multiple duals. Using this notion, for singular $\mathcal{A}_f$, $\mathcal{A}_g$ without a pseudoinverse,
but only circulant generalized inverses, the condition $wt(\Delta(f^*)) = wt(\Delta(g^*))$ is not necessary (as it was in Theorem 7.8).

As an example for n = 7, let f have SANF $x_1x_2x_3x_5$ and g have SANF $x_1x_2x_3x_6$, where $f \sim g$ (from [12, Table 1]). We
computed all generalized inverses that are circulant, all of which correspond (via the congruence modulo the corresponding
H's; see Remark 7.4) to $\mathcal{A}_f^* = \langle C(1, 0, 0, 0, 0, 0, 0)\rangle$, $\mathcal{A}_g^* = \langle C(1, 1, 0, 0, 0, 0, 0)\rangle$ (smallest in lexicographical order), which
clearly do not satisfy $wt(\Delta(f^*)) = wt(\Delta(g^*))$.
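
The inverse weights in Example 7.10 and Remark 7.11, and the circulant generalized inverses in the last example, can be recomputed with polynomial arithmetic over GF(2); the Python below is an added illustration, not the authors' program. It assumes the usual identification of C(a_1, ..., a_n) with a polynomial modulo x^n + 1 and takes a generalized inverse of A to be any G with AGA = A; all function names are hypothetical.

```python
# Added example: C(a_1..a_n) over GF(2) is the polynomial sum a_{i+1} x^i
# modulo x^n + 1, stored as an int bitmask (bit i = coefficient of x^i).

def to_poly(row):
    return sum(bit << i for i, bit in enumerate(row))

def to_row(poly, n):
    return [(poly >> i) & 1 for i in range(n)]

def clmul(a, b):
    """Carry-less product, i.e. multiplication in GF(2)[x]."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a, b = a << 1, b >> 1
    return out

def poly_divmod(a, b):
    """Quotient and remainder of a by b in GF(2)[x]; b must be nonzero."""
    q = 0
    while a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def circulant_inverse(row):
    """First row of the inverse circulant over GF(2), or None if singular."""
    n = len(row)
    r0, r1, s0, s1 = (1 << n) | 1, to_poly(row), 0, 1
    while r1:  # extended Euclid; invariant: r_k = s_k * a (mod x^n + 1)
        q, r = poly_divmod(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, s0 ^ clmul(q, s1)
    return to_row(s0, n) if r0 == 1 else None  # gcd != 1 means singular

def circulant_generalized_inverses(row):
    """All circulant G (as first rows) with A G A = A, by exhaustive search."""
    n, a, modulus = len(row), to_poly(row), (1 << len(row)) | 1
    return [to_row(g, n) for g in range(1 << n)
            if poly_divmod(clmul(clmul(a, g), a), modulus)[1] == a]

def dual_weight(row):
    inv = circulant_inverse(row)
    return None if inv is None else sum(inv)

if __name__ == "__main__":
    for row in ([1, 1, 0, 1, 0, 0, 0, 0], [1, 1, 0, 0, 0, 1, 0, 0]):  # Example 7.10, n = 8
        print(row, "-> inverse", circulant_inverse(row), "weight", dual_weight(row))
```

The exact inverse returned can be a cyclic shift of the class representative printed in the text (for C(1, 1, 0, 1, 0) it is (0, 1, 1, 1, 0)), which does not change the weight.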